Changes between Version 1 and Version 2 of Ticket #1227, comment 8
Timestamp: 09/21/2012 09:26:44 AM (8 months ago)
Ticket #1227, comment 8
After investigation, I found what the problem is: a read of memory outside the bounds of the array pointed to by register R1 in MACRO h264_chroma_mc8 or MACRO h264_chroma_mc4 in libavcodec/arm/h264dsp_neon.S (version 0.8.10) or libavcodec/arm/h264cmc_neon.S (version 0.11.1). I fixed the bug by modifying those two macros. Here are the updated macros in version 0.8.10:

{{{
/* chroma_mc8(uint8_t *dst, uint8_t *src, int stride, int h, int x, int y) */
.macro h264_chroma_mc8 type
…
endfunc
.endm
}}}

As shown in the code, register R1 points to ARRAY src (type is uint_t*). The idea in the modification is to test if register R3 (ARGUMENT h in caller of C program) is less than or equal to zero before reading elements pointed to by register R1. If it is, then skip reading and jump to the end of function.


